Everyone knows the famous Eisenhower principle, which distinguishes between tasks according to their importance and urgency in order to accomplish them effectively. Requests from the very top often fulfill both criteria and thus become a so-called A-task, which, according to this principle, must be completed immediately by the user. But be careful: Even criminals know how to use the Eisenhower principle to their advantage. So-called CEO fraud has increased considerably in recent years - even in small and medium-sized companies. In this scam, criminals impersonate a CEO or member of the management board in order to persuade employees to transfer money. The victims are usually in the finance, HR or IT departments of a company.
The crux of the A tasks: If you don't question critically, you will fall into the trap unsuspectingly
Although attacks by telephone are also known, the perpetrators usually contact their victims by e-mail. The sender can be either a fake or an authentic but hacked e-mail address. The method, however, remains the same: a scenario is constructed under false pretenses to persuade the employee to transfer large sums of money to a mostly foreign bank account. These are usually extremely important and at the same time urgent matters which, subject to the requirement of confidentiality, seemingly tolerate no delay. In comparison to ordinary phishing attacks, CEO fraud is targeted and the pressure exerted on the victim is enormous - anyone who then, as a loyal employee, guilelessly follows the given instructions, unexpectedly falls into the trap.
Clarify about CEO fraud: Sensitize employees and managers through play
Such attacks are often difficult to detect and require a high level of awareness. Therefore, Security Island has now developed an e-learning course that simulates realistic attack attempts to make employees aware of the existing danger. Participants are provided with helpful parameters that help to unmask fraudsters and effectively fend off attacks. Because especially in times of corona, attackers have an easy job when it comes to constructing supposed A-tasks. Employees should therefore listen carefully to unexpected and urgent requests from above. For although there is no evidence that Dwight D. Eisenhower himself practiced the principle named after him, he would probably admit at this point that not all tasks should be completed immediately just because they claim to be important and urgent.